Threat Modeling Tool 7.1.51023.1 Release

Microsoft Threat Modeling Tool GA Release 7.1.51023.1 As originally noted in the GA blog post, we have released an update (7.1.51023.1) to the Microsoft Threat Modeling Tool that will require users of the Preview version (preview clients with version < 7.1.50911.2) to upgrade to the supported GA release. This release does not contain any new functionality or fixes….


Reminder: Pending Forced Upgrade for TMT Preview Clients

As noted in the GA blog post, next week we plan to release a version of the Threat Modeling Tool that will require users of the Preview version to upgrade (preview clients with version < 7.1.50911.2) to the supported GA release. This release does not contain any new functionality or fixes from the GA release…


Microsoft Threat Modeling Tool GA Release

Microsoft Threat Modeling Tool GA Release We are excited to announce the Microsoft Threat Modeling Tool is now available to download as a supported generally available (GA) release. This release contains important privacy and security updates as well as bug fixes, feature updates, and stability improvements. Existing users of the 2017 Preview version will be…


What’s New with Microsoft Threat Modeling Tool Preview

Update: The preview version of the Microsoft Threat Modeling tool has progressed to a GA release. Additional information is available here:  https://blogs.msdn.microsoft.com/secdevblog/2018/09/12/microsoft-threat-modeling-tool-ga-release/   Threat modeling is an invaluable part of the Security Development Lifecycle (SDL) process. It helps engineering teams find potential security issues earlier in the development phase, along with recommendations on how to fix them. The Microsoft…

0

Introducing BinSkim

BinSkim
BinSkim

BinSkim is a binary static analysis tool that scans Windows Portable Executable (PE) files for security and correctness.  Among the verifications performed by BinSkim are validations that the PE file has opted into all of the binary mitigations offered by the Windows Platform. Some of these mitigations ensure the binary has: SafeSEH enabled for safe…

0

Automating Secure Development Lifecycle Checks in TypeScript with TSLint

TypeScript
TypeScript

This is a guest post by Hamlet D’Arcy from Microsoft’s Social Engagement team.  Last year he noticed that while Microsoft had tooling to do static analysis for JavaScript our tooling approach for TypeScript was sub-optimal.  He and a couple of his colleagues took it upon themselves to create security checks for TypeScript using the TSLint…

0

Roslyn Diagnostics Security Analyzers Overview

Roslyn diagnostic analyzers utilize the power of Roslyn open-source C# and Visual Basic (VB) compilers to help you write more robust and secure code through rich code analysis and detailed issue explanation. In this blog post, we’ll cover some of the basics to get you started on using the security specific set of analyzers for…

19

Welcome to Secure Development at Microsoft Blog

Welcome to Secure Development at Microsoft, a blog created for us to share new security tools, services, open source projects and best development practices with you in order to instill a security mindset across the development community as a whole and enable cross collaboration among its members. With this blog, our engineers at Microsoft hope to…

4